GDPR Compliance
General Data Protection Regulation (EU) 2016/679
Last updated: September 2025
GDPR Commitment
Data Publisher for Word is fully committed to GDPR compliance. We respect your privacy rights and have implemented comprehensive measures to protect your personal data in accordance with EU regulations.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request access to your personal data and information about how we process it.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data under certain circumstances ("right to be forgotten").
Right to Restrict Processing
You can request limitation of processing of your personal data in specific situations.
Right to Data Portability
You can request your personal data in a structured, machine-readable format.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
Legal Bases
- Contract Performance: Processing necessary for contract execution (Article 6(1)(b))
- Consent: Where you have given explicit consent (Article 6(1)(a))
- Legitimate Interest: For service improvement and security (Article 6(1)(f))
- Legal Obligation: To comply with legal requirements (Article 6(1)(c))
Data We Collect
Under GDPR, we are required to inform you about the personal data we collect and process:
Account Information
- Name and email address
- Account credentials (encrypted)
- Profile information you provide
- Subscription and billing details
Usage Data
- Service usage statistics
- Feature interaction data
- Performance and error logs
- IP addresses and browser information
Document Data
- Templates and documents you create
- Data sources you connect
- Processing preferences and settings
Data Processing Activities
We maintain a record of processing activities as required by GDPR Article 30:
| Purpose | Legal Basis | Retention |
|---|---|---|
| Service Provision | Contract Performance | Duration of contract + 3 years |
| Customer Support | Legitimate Interest | 3 years after resolution |
| Marketing Communications | Consent | Until consent withdrawn |
| Security & Fraud Prevention | Legitimate Interest | 2 years after incident |
Data Transfers
When we transfer your personal data outside the EU/EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms
- Adequacy Decisions: Transfers to countries with adequate data protection
- Certification Schemes: Cloud providers with appropriate certifications
- Additional Safeguards: Encryption and access controls for all transfers
Data Security Measures
We implement appropriate technical and organizational measures to ensure data security:
Security Measures
Technical Measures
- End-to-end encryption
- Regular security audits
- Access controls and authentication
- Automated backup systems
Organizational Measures
- Staff training and awareness
- Data protection policies
- Incident response procedures
- Privacy by design principles
Exercising Your Rights
To exercise any of your GDPR rights, please contact us using the methods below. We will respond within one month of receiving your request.
Contact Our Data Protection Officer
What to Include in Your Request
- Your full name and email address associated with your account
- Specific right you wish to exercise
- Detailed description of your request
- Proof of identity (if required for security)
Data Breach Notification
In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR Article 34.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. For EU residents, you can contact your local data protection authority.
EU Supervisory Authorities
Find your local data protection authority: European Data Protection Board - Members
Lead Supervisory Authority for our company:
Irish Data Protection Commission (DPC)
www.dataprotection.ie
Children's Data
Our service is not intended for children under 16 years of age (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children under this age. If you believe we have inadvertently collected such data, please contact us immediately.
Updates to This Information
We may update this GDPR compliance information from time to time. We will notify you of any material changes by email or through our service. Your continued use of our service after changes become effective constitutes acceptance of the updated information.
Questions about GDPR compliance? Contact our Data Protection Officer at dpo@db2word.com